CVE-2014-3170

extensions/common/url_pattern.cc in Google Chrome before 37.0.2062.94 doesnot prevent use of a '\0' character in a host name, which allows remoteattackers to spoof the extension permission dialog by relying on truncationafter this character.